11#! /bin/bash
2- # Simple setup for NPM token storage in AWS SSM
2+ # Complete setup for NPM token storage in AWS SSM
33
44set -e
55
66# Get repo info
77REPO=$( git remote get-url origin | sed ' s/.*github.com[:/]\(.*\)\.git/\1/' )
88ACCOUNT=$( aws sts get-caller-identity --query Account --output text)
99ROLE_NAME=" github-actions-npm-${REPO// \/ / -} "
10+ REGION=${AWS_REGION:- us-east-1}
1011
11- echo " 🔧 Setting up AWS for $REPO ..."
12+ echo " 🔧 Setting up NPM token management for $REPO ..."
13+
14+ # Step 1: Create AWS resources
15+ echo " 1️⃣ Creating AWS resources..."
1216
1317# Create OIDC provider (idempotent)
1418aws iam create-open-id-connect-provider \
@@ -48,11 +52,73 @@ aws iam put-role-policy --role-name "$ROLE_NAME" --policy-name SSMReadNPM \
4852
4953ROLE_ARN=" arn:aws:iam::$ACCOUNT :role/$ROLE_NAME "
5054
51- echo " ✅ Setup complete!"
55+ # Step 2: Set GitHub variables automatically
56+ echo " 2️⃣ Setting GitHub repository variables..."
57+
58+ if command -v gh > /dev/null 2>&1 ; then
59+ if gh auth status > /dev/null 2>&1 ; then
60+ gh variable set AWS_ROLE --body " $ROLE_ARN "
61+ gh variable set AWS_REGION --body " $REGION "
62+ echo " ✅ GitHub variables configured"
63+ else
64+ echo " ⚠️ GitHub CLI not authenticated. Run: gh auth login"
65+ echo " Then manually set variables:"
66+ echo " gh variable set AWS_ROLE --body '$ROLE_ARN '"
67+ echo " gh variable set AWS_REGION --body '$REGION '"
68+ fi
69+ else
70+ echo " ⚠️ GitHub CLI not installed. Install with: brew install gh"
71+ echo " Then manually set variables:"
72+ echo " gh variable set AWS_ROLE --body '$ROLE_ARN '"
73+ echo " gh variable set AWS_REGION --body '$REGION '"
74+ fi
75+
76+ # Step 3: Prompt for NPM token and store it
77+ echo " 3️⃣ Storing NPM token..."
78+
79+ if [ -n " $NPM_TOKEN " ]; then
80+ # Token provided via environment variable
81+ aws ssm put-parameter \
82+ --name ' /npm/token' \
83+ --value " $NPM_TOKEN " \
84+ --type SecureString \
85+ --region " $REGION " \
86+ --overwrite 2> /dev/null || aws ssm put-parameter \
87+ --name ' /npm/token' \
88+ --value " $NPM_TOKEN " \
89+ --type SecureString \
90+ --region " $REGION "
91+ echo " ✅ NPM token stored from environment variable"
92+ else
93+ # Prompt for token
94+ echo " "
95+ echo " 📝 Please enter your NPM token:"
96+ echo " (Get it from: https://www.npmjs.com/settings/tokens)"
97+ read -s -p " NPM Token: " USER_NPM_TOKEN
98+ echo " "
99+
100+ if [ -n " $USER_NPM_TOKEN " ]; then
101+ aws ssm put-parameter \
102+ --name ' /npm/token' \
103+ --value " $USER_NPM_TOKEN " \
104+ --type SecureString \
105+ --region " $REGION " \
106+ --overwrite 2> /dev/null || aws ssm put-parameter \
107+ --name ' /npm/token' \
108+ --value " $USER_NPM_TOKEN " \
109+ --type SecureString \
110+ --region " $REGION "
111+ echo " ✅ NPM token stored securely in SSM"
112+ else
113+ echo " ⚠️ No token provided. Store manually with:"
114+ echo " aws ssm put-parameter --name '/npm/token' --value 'YOUR_TOKEN' --type SecureString --region $REGION "
115+ fi
116+ fi
117+
52118echo " "
53- echo " 1. Set GitHub variables:"
54- echo " gh variable set AWS_ROLE --body '$ROLE_ARN '"
55- echo " gh variable set AWS_REGION --body 'us-east-1'"
119+ echo " 🎉 Setup complete! Your NPM token is now:"
120+ echo " ✅ Stored encrypted in AWS SSM"
121+ echo " ✅ Accessible via GitHub Actions OIDC"
122+ echo " ✅ Ready for automatic NPM publishing"
56123echo " "
57- echo " 2. Store NPM token:"
58- echo " aws ssm put-parameter --name '/npm/token' --value 'YOUR_NPM_TOKEN' --type SecureString --region us-east-1"
124+ echo " 💡 Test by pushing code - the workflow will automatically publish!"
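Review bot: All four `aws ssm put-parameter` calls in step 3 pass the secret as `--value "$NPM_TOKEN"` or `--value "$USER_NPM_TOKEN"`, so the token sits in the process argument list, readable by other local users and process auditing while the call runs. The AWS CLI accepts `file://` for parameter values, so writing the token to a `mktemp` file and removing it on exit keeps it off argv, at the cost of a short-lived private file. The closing "Setup complete" banner also prints after the no-token branch, claiming the token is stored when nothing was written, so it should be gated on a flag. The retry without `--overwrite` looks redundant, since `--overwrite` also creates a missing parameter, and `read` should take `-r` so backslashes in pasted input are kept literally. The `aws iam put-role-policy` statement in the hunk header lies outside the hunk, so I could not check whether the role's SSM read access is limited to `/npm/token`.

```shell
# … unchanged: steps 1 and 2 …

TOKEN="${NPM_TOKEN:-}"
if [ -z "$TOKEN" ]; then
  # … unchanged: prompt text and npmjs.com hint …
  read -r -s -p "NPM Token: " TOKEN
  echo
fi

TOKEN_STORED=0
if [ -n "$TOKEN" ]; then
  # Hand the value over in a private temp file so it never appears in argv.
  TOKEN_FILE=$(mktemp)
  trap 'rm -f -- "$TOKEN_FILE"' EXIT
  printf '%s' "$TOKEN" > "$TOKEN_FILE"
  # --overwrite also creates a missing parameter, so one call covers both cases.
  aws ssm put-parameter --name '/npm/token' --value "file://$TOKEN_FILE" \
    --type SecureString --region "$REGION" --overwrite
  TOKEN_STORED=1
else
  # … unchanged: manual put-parameter hint …
fi

if [ "$TOKEN_STORED" -eq 1 ]; then
  # … unchanged: success banner …
fi
```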